[....] Starting enhanced syslogd: rsyslogd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[  116.930378][   T30] audit: type=1800 audit(1562703442.987:25): pid=14338 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="cron" dev="sda1" ino=2414 res=0
[  116.962291][   T30] audit: type=1800 audit(1562703443.017:26): pid=14338 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="mcstrans" dev="sda1" ino=2457 res=0
[  117.012796][   T30] audit: type=1800 audit(1562703443.047:27): pid=14338 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="startpar" name="restorecond" dev="sda1" ino=2436 res=0
[....] Starting periodic command scheduler: cron[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.
[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[1G[[32m ok [39;49m8[?25h[?0c.

Debian GNU/Linux 7 syzkaller ttyS0

Warning: Permanently added '10.128.0.92' (ECDSA) to the list of known hosts.
2019/07/09 20:17:39 fuzzer started
2019/07/09 20:17:45 dialing manager at 10.128.0.26:39875
2019/07/09 20:17:45 syscalls: 2348
2019/07/09 20:17:45 code coverage: enabled
2019/07/09 20:17:45 comparison tracing: CONFIG_KCOV_ENABLE_COMPARISONS is not enabled
2019/07/09 20:17:45 extra coverage: enabled
2019/07/09 20:17:45 setuid sandbox: enabled
2019/07/09 20:17:45 namespace sandbox: enabled
2019/07/09 20:17:45 Android sandbox: /sys/fs/selinux/policy does not exist
2019/07/09 20:17:45 fault injection: enabled
2019/07/09 20:17:45 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled
2019/07/09 20:17:45 net packet injection: enabled
2019/07/09 20:17:45 net device setup: enabled
20:20:20 executing program 0:
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xc9, 0x90, 0x4f, 0x8, 0x4bb, 0x930, 0xd24a, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x98, 0x0, 0x0, 0xd3, 0x4, 0xe8}}]}}]}}, 0x0)
syz_usb_control_io(r0, &(0x7f0000002500)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000005ec0)={0x54, &(0x7f0000005c40), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

syzkaller login: [  294.856908][T14503] IPVS: ftp: loaded support on port[0] = 21
[  295.026373][T14503] chnl_net:caif_netlink_parms(): no params data found
[  295.091820][T14503] bridge0: port 1(bridge_slave_0) entered blocking state
[  295.099213][T14503] bridge0: port 1(bridge_slave_0) entered disabled state
[  295.108221][T14503] device bridge_slave_0 entered promiscuous mode
[  295.119328][T14503] bridge0: port 2(bridge_slave_1) entered blocking state
[  295.126661][T14503] bridge0: port 2(bridge_slave_1) entered disabled state
[  295.135702][T14503] device bridge_slave_1 entered promiscuous mode
[  295.173201][T14503] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  295.185983][T14503] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  295.223199][T14503] team0: Port device team_slave_0 added
[  295.233170][T14503] team0: Port device team_slave_1 added
[  295.387756][T14503] device hsr_slave_0 entered promiscuous mode
[  295.633407][T14503] device hsr_slave_1 entered promiscuous mode
[  295.919098][T14503] bridge0: port 2(bridge_slave_1) entered blocking state
[  295.926403][T14503] bridge0: port 2(bridge_slave_1) entered forwarding state
[  295.934352][T14503] bridge0: port 1(bridge_slave_0) entered blocking state
[  295.941582][T14503] bridge0: port 1(bridge_slave_0) entered forwarding state
[  296.003180][ T3911] bridge0: port 1(bridge_slave_0) entered disabled state
[  296.014929][ T3911] bridge0: port 2(bridge_slave_1) entered disabled state
[  296.075468][T14503] 8021q: adding VLAN 0 to HW filter on device bond0
[  296.099139][ T3911] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  296.108067][ T3911] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  296.124985][T14503] 8021q: adding VLAN 0 to HW filter on device team0
[  296.141666][ T3911] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  296.151470][ T3911] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  296.160805][ T3911] bridge0: port 1(bridge_slave_0) entered blocking state
[  296.168085][ T3911] bridge0: port 1(bridge_slave_0) entered forwarding state
[  296.233055][ T3911] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  296.243340][ T3911] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  296.252497][ T3911] bridge0: port 2(bridge_slave_1) entered blocking state
[  296.259687][ T3911] bridge0: port 2(bridge_slave_1) entered forwarding state
[  296.268350][ T3911] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  296.278936][ T3911] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  296.289191][ T3911] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  296.299444][ T3911] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  296.309250][ T3911] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  296.319428][ T3911] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  296.329194][ T3911] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  296.338494][ T3911] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  296.347711][ T3911] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  296.357127][ T3911] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  296.370228][T14503] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  296.379680][ T3911] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  296.441778][T14503] 8021q: adding VLAN 0 to HW filter on device batadv0
[  296.882695][ T2894] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  297.122202][ T2894] usb 1-1: Using ep0 maxpacket: 8
[  297.242574][ T2894] usb 1-1: config 0 has an invalid interface number: 152 but max is 0
[  297.250871][ T2894] usb 1-1: config 0 has no interface number 0
[  297.257189][ T2894] usb 1-1: New USB device found, idVendor=04bb, idProduct=0930, bcdDevice=d2.4a
[  297.266344][ T2894] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  297.277195][ T2894] usb 1-1: config 0 descriptor??
[  297.512342][ T2894] ==================================================================
[  297.520466][ T2894] BUG: KMSAN: uninit-value in ax88178_bind+0x635/0xad0
[  297.527350][ T2894] CPU: 1 PID: 2894 Comm: kworker/1:2 Not tainted 5.2.0-rc4+ #11
[  297.538730][ T2894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  297.549746][ T2894] Workqueue: usb_hub_wq hub_event
[  297.554786][ T2894] Call Trace:
[  297.558192][ T2894]  dump_stack+0x191/0x1f0
[  297.562566][ T2894]  kmsan_report+0x162/0x2d0
[  297.567105][ T2894]  __msan_warning+0x75/0xe0
[  297.571634][ T2894]  ax88178_bind+0x635/0xad0
[  297.576190][ T2894]  ? asix_get_link+0x60/0x60
[  297.580797][ T2894]  usbnet_probe+0x10d3/0x3950
[  297.585511][ T2894]  ? kmsan_internal_memset_shadow+0x104/0x3a0
[  297.591639][ T2894]  ? usbnet_disconnect+0x660/0x660
[  297.596777][ T2894]  usb_probe_interface+0xd19/0x1310
[  297.602018][ T2894]  ? usb_register_driver+0x7d0/0x7d0
[  297.607331][ T2894]  really_probe+0x1344/0x1d90
[  297.612051][ T2894]  driver_probe_device+0x1ba/0x510
[  297.617192][ T2894]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[  297.623120][ T2894]  __device_attach_driver+0x5b8/0x790
[  297.628541][ T2894]  bus_for_each_drv+0x28e/0x3b0
[  297.633418][ T2894]  ? deferred_probe_work_func+0x400/0x400
[  297.639188][ T2894]  __device_attach+0x489/0x750
[  297.643997][ T2894]  device_initial_probe+0x4a/0x60
[  297.649049][ T2894]  bus_probe_device+0x131/0x390
[  297.653934][ T2894]  device_add+0x25b5/0x2df0
[  297.658502][ T2894]  usb_set_configuration+0x309f/0x3710
[  297.664107][ T2894]  ? __msan_metadata_ptr_for_load_1+0x10/0x20
[  297.670222][ T2894]  generic_probe+0xe7/0x280
[  297.674743][ T2894]  ? usb_choose_configuration+0xae0/0xae0
[  297.680491][ T2894]  usb_probe_device+0x146/0x200
[  297.685376][ T2894]  ? usb_register_device_driver+0x470/0x470
[  297.691332][ T2894]  really_probe+0x1344/0x1d90
[  297.696062][ T2894]  driver_probe_device+0x1ba/0x510
[  297.701200][ T2894]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[  297.707124][ T2894]  __device_attach_driver+0x5b8/0x790
[  297.712531][ T2894]  bus_for_each_drv+0x28e/0x3b0
[  297.717409][ T2894]  ? deferred_probe_work_func+0x400/0x400
[  297.723166][ T2894]  __device_attach+0x489/0x750
[  297.727978][ T2894]  device_initial_probe+0x4a/0x60
[  297.733031][ T2894]  bus_probe_device+0x131/0x390
[  297.737918][ T2894]  device_add+0x25b5/0x2df0
[  297.742480][ T2894]  usb_new_device+0x23e5/0x2fb0
[  297.747397][ T2894]  hub_event+0x5853/0x7320
[  297.751920][ T2894]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[  297.757839][ T2894]  ? led_work+0x720/0x720
[  297.762183][ T2894]  ? led_work+0x720/0x720
[  297.766531][ T2894]  process_one_work+0x1572/0x1f00
[  297.771607][ T2894]  worker_thread+0x111b/0x2460
[  297.776451][ T2894]  kthread+0x4b5/0x4f0
[  297.780542][ T2894]  ? process_one_work+0x1f00/0x1f00
[  297.785773][ T2894]  ? kthread_blkcg+0xf0/0xf0
[  297.790460][ T2894]  ret_from_fork+0x35/0x40
[  297.795024][ T2894] 
[  297.797445][ T2894] Local variable description: ----buf@ax88178_bind
[  297.803952][ T2894] Variable was created at:
[  297.808383][ T2894]  ax88178_bind+0x60/0xad0
[  297.812814][ T2894]  usbnet_probe+0x10d3/0x3950
[  297.817487][ T2894] ==================================================================
[  297.825548][ T2894] Disabling lock debugging due to kernel taint
[  297.831705][ T2894] Kernel panic - not syncing: panic_on_warn set ...
[  297.838311][ T2894] CPU: 1 PID: 2894 Comm: kworker/1:2 Tainted: G    B             5.2.0-rc4+ #11
[  297.847332][ T2894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  297.857407][ T2894] Workqueue: usb_hub_wq hub_event
[  297.862441][ T2894] Call Trace:
[  297.865759][ T2894]  dump_stack+0x191/0x1f0
[  297.870116][ T2894]  panic+0x3c9/0xc1e
[  297.874077][ T2894]  kmsan_report+0x2ca/0x2d0
[  297.878609][ T2894]  __msan_warning+0x75/0xe0
[  297.883136][ T2894]  ax88178_bind+0x635/0xad0
[  297.887669][ T2894]  ? asix_get_link+0x60/0x60
[  297.892273][ T2894]  usbnet_probe+0x10d3/0x3950
[  297.896978][ T2894]  ? kmsan_internal_memset_shadow+0x104/0x3a0
[  297.903130][ T2894]  ? usbnet_disconnect+0x660/0x660
[  297.908303][ T2894]  usb_probe_interface+0xd19/0x1310
[  297.913558][ T2894]  ? usb_register_driver+0x7d0/0x7d0
[  297.918897][ T2894]  really_probe+0x1344/0x1d90
[  297.923620][ T2894]  driver_probe_device+0x1ba/0x510
[  297.928760][ T2894]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[  297.934711][ T2894]  __device_attach_driver+0x5b8/0x790
[  297.940128][ T2894]  bus_for_each_drv+0x28e/0x3b0
[  297.945006][ T2894]  ? deferred_probe_work_func+0x400/0x400
[  297.950755][ T2894]  __device_attach+0x489/0x750
[  297.955555][ T2894]  device_initial_probe+0x4a/0x60
[  297.960599][ T2894]  bus_probe_device+0x131/0x390
[  297.965484][ T2894]  device_add+0x25b5/0x2df0
[  297.970043][ T2894]  usb_set_configuration+0x309f/0x3710
[  297.975562][ T2894]  ? __msan_metadata_ptr_for_load_1+0x10/0x20
[  297.981673][ T2894]  generic_probe+0xe7/0x280
[  297.986198][ T2894]  ? usb_choose_configuration+0xae0/0xae0
[  297.991938][ T2894]  usb_probe_device+0x146/0x200
[  297.996816][ T2894]  ? usb_register_device_driver+0x470/0x470
[  298.002739][ T2894]  really_probe+0x1344/0x1d90
[  298.007467][ T2894]  driver_probe_device+0x1ba/0x510
[  298.012602][ T2894]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[  298.018523][ T2894]  __device_attach_driver+0x5b8/0x790
[  298.023934][ T2894]  bus_for_each_drv+0x28e/0x3b0
[  298.028801][ T2894]  ? deferred_probe_work_func+0x400/0x400
[  298.034555][ T2894]  __device_attach+0x489/0x750
[  298.039355][ T2894]  device_initial_probe+0x4a/0x60
[  298.044492][ T2894]  bus_probe_device+0x131/0x390
[  298.049504][ T2894]  device_add+0x25b5/0x2df0
[  298.054091][ T2894]  usb_new_device+0x23e5/0x2fb0
[  298.058994][ T2894]  hub_event+0x5853/0x7320
[  298.063521][ T2894]  ? kmsan_get_shadow_origin_ptr+0x71/0x470
[  298.069428][ T2894]  ? led_work+0x720/0x720
[  298.073773][ T2894]  ? led_work+0x720/0x720
[  298.078122][ T2894]  process_one_work+0x1572/0x1f00
[  298.083203][ T2894]  worker_thread+0x111b/0x2460
[  298.088029][ T2894]  kthread+0x4b5/0x4f0
[  298.092290][ T2894]  ? process_one_work+0x1f00/0x1f00
[  298.097536][ T2894]  ? kthread_blkcg+0xf0/0xf0
[  298.102143][ T2894]  ret_from_fork+0x35/0x40
[  298.107295][ T2894] Kernel Offset: disabled
[  298.112299][ T2894] Rebooting in 86400 seconds..